In a typical online session on the Internet, a user will encounter pop-up windows advertising all possible kinds of products and services. These advertisements usually “pop-up” in a separate window on top of the current web browser window. Some pop-up advertisements are harmless and can be easily closed with the click of a command button provided as part of the pop-up window. However, other pop-up windows may provide a command button that is spoofed. The spoofed command button may trigger a hidden action like installing “spyware”, “adware”, stealing computer cycles, sending spam via the user's computer or other undesirable applications. FIG. 3 is an example of a pop-up window appearing to warn of adware or spyware, but may itself have spoofed buttons that would install a malicious program irrespective of whether the “Yes” or “No” button is selected. Although pop-up advertisements may have a system-supplied “Cancel” button that cannot be spoofed, namely the “X” button on the corner of a window, such a system-supplied button can be grayed-out, concealed or disabled. Some users may not know the difference between an explicit command button and a system-supplied “Cancel” button. There are also other pop-up windows that do not provide any command buttons to close the pop-up window other than affirmative command buttons like “Yes” or “Confirm” buttons. FIG. 4 is an example of such a pop-up window. This restricts user options to close the pop-up window, which would inevitably trigger possible undesirable follow-up actions unknown to the user. In attempting to close such malicious pop-up windows, a computer user risks authorizing a malicious action, which the computer would take to be an action consciously made by the user.
There are efforts to provide methods to avoid malicious pop-up windows like scanning malicious program code when a user has consciously given a command to download a program, where the scanning is conducted by comparing with a pre-existing set of programs prior to downloading the program code. Other efforts provide a method to escape from a display model dialog box, generated by an error Java applet, by diverting user input from the applet to the main browser loop, and receiving user key press command to execute a close window. This prior art is directed to model dialog boxes created in the Java programming language.
Thus, there exists a need to overcome at least one of the preceding deficiencies and/or limitations of the related art.